
Proceedings Paper

Insider threat detection enabled by converting user applications into fractal fingerprints and autonomously detecting anomalies
Author(s): Holger M. Jaenisch; James Handley

Paper Abstract

We demonstrate insider threat detection for determining when the behavior of a computer user is suspicious or different from his or her normal behavior. This is accomplished by combining features extracted from text, emails, and blogs that are associated with the user. These sources can be characterized using QUEST, DANCER, and MenTat to extract features; however, some of these features are still in text form. We show how to convert these features into numerical form and characterize them using parametric and non-parametric statistics. These features are then used as input into a Random Forest classifier that is trained to recognize whenever the user's behavior is suspicious or different from normal (off-nominal). Active authentication (user identification) is also demonstrated using the features and classifiers derived in this work. We also introduce a novel concept for remotely monitoring user behavior indicator patterns displayed as an infrared overlay on the computer monitor, which the user is unaware of, but a narrow pass-band filtered webcam can clearly distinguish. The results of our analysis are presented.

Paper Details

Date Published: 7 May 2012
PDF: 22 pages
Proc. SPIE 8408, Cyber Sensing 2012, 840802 (7 May 2012); doi: 10.1117/12.914849
Author Affiliations:
Holger M. Jaenisch, Johns Hopkins Univ. (United States)
Licht Strahl Engineering, Inc. (United States)
James Handley, Licht Strahl Engineering, Inc. (United States)

Published in SPIE Proceedings Vol. 8408:
Cyber Sensing 2012
Igor V. Ternovskiy; Peter Chin, Editor(s)
